Copyright © All Rights Reserved. World of Software.

Apple paid only $1k for a critical security flaw graded 9.8/10

News Room
Last updated: 2025/07/31 at 7:16 AM
News Room Published 31 July 2025

Apple encourages security researchers to seek out and report vulnerabilities in its devices and apps, in return for which it pays bug bounties of up to $2M.

However, one security researcher who reported a Safari vulnerability Apple graded as Critical, and gave a severity score of 9.8 out of 10, says they were paid only $1,000 …

Apple upgraded its security bounty program back in 2022, and stated then that its average payout was $40,000 and that it had on twenty occasions paid a six-figure sum for “high-impact issues.” This included a total payout of $175k to a student who successfully hijacked both Mac and iPhone cameras.

However, Macworld reports that a researcher who found a critical security hole in Safari was paid only $1,000.

A researcher who goes by RenwaX23 on X posted about the bounty received for what seems to be a critical security hole. Found in Safari, the hole is a Universal Cross-Site Scripting (UXSS) vulnerability, a type where an attacker can impersonate a user and access their data. In this instance, RenwaX23 demonstrated that the hole can be used to access iCloud and the iOS Camera app.

The vulnerability was graded as Critical, with a score of 9.8 (on a scale of 10), so it wasn’t a small bug. Recorded as CVE-2025-30466, it was fixed by Apple in Safari 18.4, which was released with the iOS/iPadOS 18.4 and macOS 15.4 updates back in March. RenwaX23 received a fee for the bug discovery: a measly $1,000.

One possible explanation is that an attacker would need to trick a user into taking action before the exploit could be used. Apple does state that user interaction is one of the criteria used when determining bounty payouts.

However, another poster said that a vulnerability they discovered, which should have attracted a $50,000 payout according to Apple’s criteria, saw them receive only $5,000.

9to5Mac’s Take

It may be that Apple’s view of the real-life risk of exploitation was accurate, and that only a $1,000 payout was appropriate. However, there does seem to be a very large gap between Apple’s rating of the severity and the amount offered.

The danger of very low payouts is that they may encourage those discovering vulnerabilities to sell them on the black market rather than reporting them to Apple. Payouts for critical vulnerabilities can run as high as $5M in the case of companies who want to exploit them to hack Apple devices.

Photo by Josh Appel on Unsplash
